whoami

I’m an engineering manager in privacy engineering, part of a security org. I’m based out of Toronto now, but I used to be in SFBay.

I also sometimes do video games, cook, or art, but these days have been playing a lot of accordion.

work stuff

I am fairly flexible on the tech stack, having experience in the following:

  • writing/modifying Linux drivers (mac80211 to measure channel switching speeds)
  • writing operating system core software (poked at TSS stack on chromeos)
  • writing highly reliable backend services (Java payments/PKI stack)
  • machine learning research (custom classifiers in C)
  • scaling data pipelines (AWS EMR)
  • web/frontend development (React)
  • administering Linux servers/systems

I am an engineering manager right now, so I also have experience in the following:

  • managing junior and senior engineers so far with a max of 7 reports
  • coaching and career growth towards subsequent promotions
  • creating, evaluating, and updating interview panels and rubrics
  • interviewing interns, newgrads, senior engineers, consultants, project managers, engineering managers, and directors (to date I have conducted at least 200+ interviews)
  • developing long-term engineering/technical strategy and roadmap
  • developing, evaluating, and improving team and organizational processes
  • organizing and running sprints, standups, team meetings, hackweeks, operational reviews, OKRs, etc.
  • fostering cross-team collaborations across platform, product, and legal teams, etc.
  • spreadsheets (primarily google sheets with google apps scripts)

I have random other skills/knowledge that are specifically relevant to security sometimes:

  • vendor security assessments (including reading through SOC2 and PCI reports)
  • PCI PIN management (key manager overseeing key provisioning + audits)
  • some minor exploits (including participating in CTFs)
  • administering PKIs with HSMs (ncipher native and PKCS11, payshield)
  • incident response and postmortems

I also love conferences and meetups:

  • I have experience organizing 100-150-person LAN party events (including handling sponsors and marketing)
  • I have experience recruiting, managing, and supervising 200-300 volunteers at 2200+-participant security cons (BSidesSF)
  • I ran a 300-person workshop on how to get involved in CTFs that was well received (Grace Hopper)
  • I have given some talks (including Grace Hopper and USENIX Enigma)
  • I frequently am in the role of MC/organizer of small events (company-internal meetups)

I still have mild research interests related to privacy and text analysis (NLP). I used to do location privacy and stylometry research (sorry, I wasn’t good enough to get papers published).

You can see my work history as a resume or on LinkedIn.

contact

I may be reached at s at shh dot sh . My GPG Key is 1BE6 766C DC52 439A 5722 DCA2 BDE4 3806 8A2B D353.

You can also interact with me on Twitter.